Skip to content

Commit ffea7d7

Browse files
alexander-smolyakovalexander-smolyakov
authored
[universal] Update urllib3 package due to GHSA-g4mx-q9vg-27p4 (#843)
* [patch-python] Bump `urllib3` version to address CVE-2023-45803 * Add test * Restart checks * Restart checks * Restart checks
1 parent b703500 commit ffea7d7

File tree

2 files changed

+4
-0
lines changed

2 files changed

+4
-0
lines changed

src/universal/.devcontainer/local-features/patch-python/install.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,3 +44,6 @@ update_package() {
4444

4545
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
4646
update_package /usr/local/python/3.9.*/bin/python setuptools 65.5.1
47+
48+
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
49+
update_package /usr/local/python/3.10.*/bin/python urllib3 2.0.7

src/universal/test-project/test.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,7 @@ ls -la /home/codespace
189189
## Python - current
190190
checkPythonPackageVersion "python" "setuptools" "65.5.1"
191191
checkPythonPackageVersion "python" "requests" "2.31.0"
192+
checkPythonPackageVersion "python" "urllib3" "2.0.7"
192193

193194
## Python 3.9
194195
checkPythonPackageVersion "/usr/local/python/3.9.*/bin/python" "setuptools" "65.5.1"

0 commit comments

Comments
 (0)